b'     DEPARTMENT OF HEALTH & HUMAN SERVICES                                Office of Inspector General\n\n                                                                          Office of Audit Services, Region VII\n                                                                          601 East 12th Street, Room 0429\n                                                                          Kansas City, MO 64106\n\n\n\n\nAugust 9, 2010\n\nReport Number: A-07-09-03136\n\nMr. Craig Bodway\nVice President, Compliance and Regulatory Affairs\nSterling Life Insurance Company\n2219 Rimland Drive\nBellingham, WA 98226\n\nDear Mr. Bodway:\n\nEnclosed is the U.S. Department of Health & Human Services (HHS), Office of Inspector\nGeneral (OIG), final report entitled Review of Sterling Life Insurance Company\xe2\x80\x99s Internal\nControls to Guard Against Fraud, Waste and Abuse for The Medicare Part D Program. We will\nforward a copy of this report to the HHS action official noted on the following page for review\nand any action deemed necessary.\n\nThe HHS action official will make final determination as to actions taken on all matters reported.\nWe request that you respond to this official within 30 days from the date of this letter. Your\nresponse should present any comments or additional information that you believe may have a\nbearing on the final determination.\n\nSection 8L of the Inspector General Act, 5 U.S.C. App., requires that OIG post its publicly\navailable reports on the OIG Web site. Accordingly, this report will be posted at\nhttp://oig.hhs.gov.\n\nIf you have any questions or comments about this report, please do not hesitate to call me at\n(816) 426-3591, or contact Dan Bittner, Audit Manager, at (515) 284-4674, extension 23, or\nthrough email at Dan.Bittner@oig.hhs.gov. Please refer to report number A-07-09-03136 in all\ncorrespondence.\n\n                                             Sincerely,\n\n\n\n                                             /Patrick J. Cogley/\n                                             Regional Inspector General\n                                               for Audit Services\n\nEnclosure\n\x0cPage 2 \xe2\x80\x93 Mr. Craig Bodway\n\nDirect Reply to HHS Action Official:\n\nMr. Timothy B. Hill\nDeputy Director\nCenters for Drug and Health Plan Choice\nCenters for Medicare & Medicaid Services\nMail Stop C5-19-16\n7500 Security Boulevard\nBaltimore, MD 21244-1850\n\x0c   Department of Health & Human Services\n              OFFICE OF\n         INSPECTOR GENERAL\n\n\n\n\nREVIEW OF STERLING LIFE INSURANCE\n COMPANY\xe2\x80\x99S INTERNAL CONTROLS TO\n GUARD AGAINST FRAUD, WASTE AND\n ABUSE FOR THE MEDICARE PART D\n            PROGRAM\n\n\n\n\n                         Daniel R. Levinson\n                          Inspector General\n\n                            August 2010\n                           A-07-09-03136\n\x0c                        Office of Inspector General\n                                          http://oig.hhs.gov\n\n\n\nThe mission of the Office of Inspector General (OIG), as mandated by Public Law 95-452, as amended, is\nto protect the integrity of the Department of Health & Human Services (HHS) programs, as well as the\nhealth and welfare of beneficiaries served by those programs. This statutory mission is carried out\nthrough a nationwide network of audits, investigations, and inspections conducted by the following\noperating components:\n\nOffice of Audit Services\n\nThe Office of Audit Services (OAS) provides auditing services for HHS, either by conducting audits with\nits own audit resources or by overseeing audit work done by others. Audits examine the performance of\nHHS programs and/or its grantees and contractors in carrying out their respective responsibilities and are\nintended to provide independent assessments of HHS programs and operations. These assessments help\nreduce waste, abuse, and mismanagement and promote economy and efficiency throughout HHS.\n\nOffice of Evaluation and Inspections\nThe Office of Evaluation and Inspections (OEI) conducts national evaluations to provide HHS, Congress,\nand the public with timely, useful, and reliable information on significant issues. These evaluations focus\non preventing fraud, waste, or abuse and promoting economy, efficiency, and effectiveness of\ndepartmental programs. To promote impact, OEI reports also present practical recommendations for\nimproving program operations.\n\nOffice of Investigations\nThe Office of Investigations (OI) conducts criminal, civil, and administrative investigations of fraud and\nmisconduct related to HHS programs, operations, and beneficiaries. With investigators working in all 50\nStates and the District of Columbia, OI utilizes its resources by actively coordinating with the Department\nof Justice and other Federal, State, and local law enforcement authorities. The investigative efforts of OI\noften lead to criminal convictions, administrative sanctions, and/or civil monetary penalties.\n\nOffice of Counsel to the Inspector General\nThe Office of Counsel to the Inspector General (OCIG) provides general legal services to OIG, rendering\nadvice and opinions on HHS programs and operations and providing all legal support for OIG\xe2\x80\x99s internal\noperations. OCIG represents OIG in all civil and administrative fraud and abuse cases involving HHS\nprograms, including False Claims Act, program exclusion, and civil monetary penalty cases. In\nconnection with these cases, OCIG also negotiates and monitors corporate integrity agreements. OCIG\nrenders advisory opinions, issues compliance program guidance, publishes fraud alerts, and provides\nother guidance to the health care industry concerning the anti-kickback statute and other OIG enforcement\nauthorities.\n\x0c                         Notices\n\n\n    THIS REPORT IS AVAILABLE TO THE PUBLIC\n              at http://oig.hhs.gov\n\n Section 8L of the Inspector General Act, 5 U.S.C. App., requires\n that OIG post its publicly available reports on the OIG Web site.\n\nOFFICE OF AUDIT SERVICES FINDINGS AND OPINIONS\n\n The designation of financial or management practices as\n questionable, a recommendation for the disallowance of costs\n incurred or claimed, and any other conclusions and\n recommendations in this report represent the findings and\n opinions of OAS. Authorized officials of the HHS operating\n divisions will make final determination on these matters.\n\x0c                                       EXECUTIVE SUMMARY\n\nBACKGROUND\n\nThe Medicare Part D Program\n\nTitle I of the Medicare Prescription Drug, Improvement, and the Modernization Act of 2003\n(MMA) amended Title XVIII of the Social Security Act by establishing the Medicare Part D\nprescription drug benefit. Under the Part D program, which began January 1, 2006, individuals\nentitled to benefits under Part A or enrolled in Part B may obtain drug coverage. The Centers for\nMedicare & Medicaid Services (CMS), which administers Medicare, contracts with private\nprescription drug plans (Part D sponsors), which must apply to CMS to participate in the Part D\nprogram, to offer prescription drug benefits to eligible individuals.\n\nCenters for Medicare & Medicaid Services Oversight Responsibilities\n\nCMS is responsible for safeguarding the Part D program from fraud, waste and abuse (FWA),\nincluding ensuring Part D sponsors\xe2\x80\x99 compliance with applicable requirements. CMS contracts\nwith Medicare Drug Integrity Contractors (MEDIC) to perform many Part D oversight activities.\nThe MEDICs\xe2\x80\x99 responsibilities include analyzing claims and other data, investigating complaints,\nand reviewing the FWA components of Part D sponsors\xe2\x80\x99 compliance plans.\n\nPart D Sponsors\xe2\x80\x99 Responsibilities\n\nThe MMA includes a requirement that all Part D sponsors have a program to control FWA.\nAccordingly, CMS set forth regulations at 42 CFR \xc2\xa7 423.504(b)(4)(vi) that require Part D\nsponsors to have a compliance plan. The compliance plan, which must be approved by CMS,\narticulates policies, processes, and procedures for Part D sponsors to detect, correct, and prevent\nFWA. Implementing a compliance plan includes conducting the activities described in the plan\nand developing comprehensive written procedures for activities referenced in the plan. The\nsponsors\xe2\x80\x99 compliance plans must contain the required components as set forth in these\nregulations; chapter 9 of CMS\xe2\x80\x99s Prescription Drug Benefit Manual contains further\ninterpretation of the required components.\n\nSterling Life Insurance Company\n\nSterling Life Insurance Company (Sterling) is headquartered in Bellingham, Washington, and is\na subsidiary of Munich-American Holding Corporation. Sterling became a Part D sponsor in\n2006 and, during the period of this review, offered Part D drug plans in all 50 States and the\nDistrict of Columbia. Sterling contracts with Express Scripts, Inc. (ESI), to provide pharmacy\nbenefits management services including pharmacy auditing, claims processing, and formulary\nmanagement.\n\n\n\n\n                                               i\n\x0cOBJECTIVE\n\nThe objective of our review was to determine whether Sterling had adequate internal controls in\nplace to detect, correct and prevent FWA in the Part D program during the period of\nJuly 1, 2007, through June 30, 2009.\n\nSUMMARY OF FINDINGS\n\nSterling had several internal control weaknesses that compromised its ability to detect, correct\nand prevent FWA in the Part D program during the period of July 1, 2007, through\nJune 30, 2009. Specifically:\n\n  \xe2\x80\xa2   Sterling did not ensure that its employees completed compliance training pursuant to\n      Federal regulations.\n\n  \xe2\x80\xa2   Sterling did not require its contracted entities to provide compliance training to their\n      employees as required by Federal regulations.\n\n  \xe2\x80\xa2   Sterling did not perform monitoring activities of its contracted entities as required by\n      Federal regulations.\n\n  \xe2\x80\xa2   Sterling did not have a compliance committee pursuant to Federal regulations.\n\nSterling\xe2\x80\x99s Compliance Plan and its policies and procedures, if properly implemented, would\nenable Sterling to detect, correct and prevent FWA pursuant to Federal requirements. However,\nSterling did not follow the provisions of its Compliance Plan and the policies and procedures\npertaining to the compliance training of its employees and contracted entities, the monitoring of\nits contracted entities, and the designation of a compliance committee. As a result of these\ninternal control weaknesses, Sterling compromised its ability to detect, correct and prevent FWA\nin the Part D program, and increased the risk that improper payments may have occurred.\n\nRECOMMENDATIONS\n\nWe recommend that Sterling strengthen internal controls by following the provisions of its\nCompliance Plan by:\n\n  \xe2\x80\xa2   establishing policies and procedures to maintain documentation to support that its\n      employees completed compliance training pursuant to Federal regulations,\n\n  \xe2\x80\xa2   revising its contracts to require that contracted entities provide compliance training to their\n      employees as required by Federal regulations,\n\n  \xe2\x80\xa2   adhering to its policies and procedures to monitor the activities of its contracted entities as\n      required by Federal regulations, and\n\n\n\n                                                  ii\n\x0c  \xe2\x80\xa2   adhering to its policies and procedures to establish a formal compliance committee\n      pursuant to Federal regulations.\n\nSTERLING LIFE INSURANCE COMPANY COMMENTS\n\nIn written comments on our draft report, Sterling concurred with our recommendations and\ndescribed corrective actions that it had implemented or planned to implement.\n\nSterling\xe2\x80\x99s comments are included in their entirety as the Appendix.\n\n\n\n\n                                               iii\n\x0c                                                  TABLE OF CONTENTS\n\n                                                                                                                                     Page\n\nINTRODUCTION......................................................................................................................1\n\n          BACKGROUND .............................................................................................................1\n              The Medicare Part D Program .............................................................................1\n              Centers for Medicare & Medicaid Services Oversight\n                   Responsibilities ...........................................................................................1\n              Part D Sponsors\xe2\x80\x99 Responsibilities........................................................................1\n              Sterling Life Insurance Company ........................................................................1\n              Previous Office of Inspector General Work ........................................................2\n\n          OBJECTIVE, SCOPE, AND METHODOLOGY ...........................................................2\n               Objective ..............................................................................................................2\n               Scope ....................................................................................................................2\n               Methodology ........................................................................................................2\n\nFINDINGS AND RECOMMENDATIONS ............................................................................3\n\n          COMPLIANCE TRAINING FOR EMPLOYEES ..........................................................4\n\n          COMPLIANCE TRAINING FOR CONTRACTED ENTITIES ....................................4\n\n          MONITORING OF CONTRACTED ENTITIES ...........................................................5\n\n          FORMATION OF A COMPLIANCE COMMITTEE ....................................................5\n\n          RECOMMENDATIONS .................................................................................................6\n\n          STERLING LIFE INSURANCE COMPANY COMMENTS ........................................6\n\nAPPENDIX\n\n          STERLING LIFE INSURANCE COMPANY COMMENTS\n\x0c                                       INTRODUCTION\n\nBACKGROUND\n\nThe Medicare Part D Program\n\nTitle I of the Medicare Prescription Drug, Improvement, and the Modernization Act of 2003\n(MMA) amended Title XVIII of the Social Security Act by establishing the Medicare Part D\nprescription drug benefit. Under the Part D program, which began January 1, 2006, individuals\nentitled to benefits under Part A or enrolled in Part B may obtain drug coverage. The Centers for\nMedicare & Medicaid Services (CMS), which administers Medicare, contracts with private\nprescription drug plans (Part D sponsors), which must apply to CMS to participate in the Part D\nprogram, to offer prescription drug benefits to eligible individuals.\n\nCenters for Medicare & Medicaid Services Oversight Responsibilities\n\nCMS is responsible for safeguarding the Part D program from fraud, waste and abuse (FWA),\nincluding ensuring Part D sponsors\xe2\x80\x99 compliance with applicable requirements. CMS developed\nchapter 9 of the Prescription Drug Benefit Manual, which provides guidance to Part D sponsors\nfor developing a program to control FWA.\n\nCMS contracts with Medicare Drug Integrity Contractors (MEDIC) to perform many Part D\noversight activities. The MEDICs\xe2\x80\x99 responsibilities include analyzing claims and other data,\ninvestigating complaints, and reviewing the FWA components of Part D sponsors\xe2\x80\x99 compliance\nplans.\n\nPart D Sponsors\xe2\x80\x99 Responsibilities\n\nThe MMA includes a requirement that all Part D sponsors have a program to control FWA.\nAccordingly, CMS set forth regulations at 42 CFR \xc2\xa7 423.504(b)(4)(vi) that require Part D\nsponsors to have a compliance plan. The compliance plan, which must be approved by CMS,\narticulates policies, processes, and procedures for Part D sponsors to detect, correct, and prevent\nFWA. Implementing a compliance plan includes conducting the activities described in the plan\nand developing comprehensive written procedures for activities referenced in the plan. The\nsponsors\xe2\x80\x99 compliance plans must contain the required components as set forth in these\nregulations; chapter 9 of CMS\xe2\x80\x99s Prescription Drug Benefit Manual contains further\ninterpretation of the required components.\n\nSterling Life Insurance Company\n\nSterling Life Insurance Company (Sterling) is headquartered in Bellingham, Washington, and is\na subsidiary of Munich-American Holding Corporation. Sterling became a Part D sponsor in\n2006 and, during the period of this review, offered Part D drug plans in all 50 States and the\nDistrict of Columbia. Sterling contracts with Express Scripts, Inc. (ESI), to provide pharmacy\nbenefits management services including pharmacy auditing, claims processing, and formulary\nmanagement.\n\n                                                 1\n\x0cPrevious Office of Inspector General Work\n\nThe U.S. Department of Health & Human Services, Office of Inspector General, Office of\nEvaluation and Inspections (OEI), issued two reports regarding Part D sponsors\xe2\x80\x99 compliance\nplans and a third report that dealt more generally with the reporting of potential FWA on the\nparts of Part D sponsors. In the first report, entitled Prescription Drug Plan Sponsors\xe2\x80\x99\nCompliance Plans (OEI-03-06-00100) and issued in December 2006, OEI found that most\nPart D sponsors\xe2\x80\x99 compliance plans did not address all of the CMS requirements or\nrecommendations as to the content of those plans. The second report, issued in October 2008\nand entitled Oversight of Prescription Drug Plan Sponsors\xe2\x80\x99 Compliance Plans\n(OEI-03-08-00230), found that in calendar year 2007 CMS conducted only one audit of a Part D\nsponsor\xe2\x80\x99s compliance plan.\n\nIn addition, OEI issued a report in October 2008 entitled Medicare Drug Plan Sponsors\xe2\x80\x99\nIdentification of Potential Fraud and Abuse (OEI-03-07-00380). OEI found that 24 of the 86\nPart D sponsors reviewed did not identify any potential FWA, and that inappropriate billing was\nthe most prevalent type of potential FWA that Part D sponsors identified in their reports of\npotential FWA.\n\nOBJECTIVE, SCOPE, AND METHODOLOGY\n\nObjective\n\nThe objective of our review was to determine whether Sterling had adequate internal controls in\nplace to detect, correct and prevent FWA in the Part D program during the period of\nJuly 1, 2007, through June 30, 2009.\n\nScope\n\nWe reviewed Sterling\xe2\x80\x99s internal controls that pertained to the detection, correction and\nprevention of FWA in the Part D program for the period of July 1, 2007, through June 30, 2009.\nWe limited our review to Sterling\xe2\x80\x99s prescription drug plan, CMS contract number S4802.\nWe did not test the claims processing edits that were in place to ensure that unallowable claims\nare properly rejected.\n\nWe conducted fieldwork at the corporate offices of Sterling in Bellingham, Washington, and of\nESI in St. Louis, Missouri, and in our field office in Des Moines, Iowa, from September 2009\nthrough March 2010.\n\nMethodology\n\nTo accomplish our objective, we:\n\n  \xe2\x80\xa2     reviewed applicable Federal regulations and CMS guidance;\n\n\n\n\n                                                2\n\x0c    \xe2\x80\xa2   held discussions with CMS officials and MEDIC staff members to gain an understanding\n        of the oversight activities pertaining to Part D sponsors\xe2\x80\x99 FWA programs;\n\n    \xe2\x80\xa2   interviewed Sterling and ESI officials to gain an understanding of both Sterling\xe2\x80\x99s FWA\n        program and its internal controls to detect, correct and prevent FWA in the Part D\n        program;\n\n    \xe2\x80\xa2   reviewed Sterling\xe2\x80\x99s Compliance Plan as well as policies and procedures related to the\n        internal controls to detect, correct and prevent FWA in the Part D program;\n\n    \xe2\x80\xa2   reviewed Sterling\xe2\x80\x99s potential FWA cases for the period of July 1, 2007, through\n        June 30, 2009;\n\n    \xe2\x80\xa2   reviewed Sterling\xe2\x80\x99s contracts and requirements for its contracted entities that were\n        responsible for the administration and delivery of the Part D program; and\n\n    \xe2\x80\xa2   reviewed Sterling\xe2\x80\x99s compliance training documentation for 2007 and 2008. 1\n\nWe conducted this performance audit in accordance with generally accepted government\nauditing standards. Those standards require that we plan and perform the audit to obtain\nsufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions\nbased on our audit objectives. We believe that the evidence obtained provides a reasonable basis\nfor our findings and conclusions based on our audit objective.\n\n                              FINDINGS AND RECOMMENDATIONS\n\nSterling had several internal control weaknesses that compromised its ability to detect, correct\nand prevent FWA in the Part D program during the period of July 1, 2007, through\nJune 30, 2009. Specifically:\n\n    \xe2\x80\xa2   Sterling did not ensure that its employees completed compliance training pursuant to\n        Federal regulations.\n\n    \xe2\x80\xa2   Sterling did not require its contracted entities to provide compliance training to their\n        employees as required by Federal regulations.\n\n    \xe2\x80\xa2   Sterling did not perform monitoring activities of its contracted entities as required by\n        Federal regulations.\n\n    \xe2\x80\xa2   Sterling did not have a compliance committee pursuant to Federal regulations.\n\n\n\n\n1\n Sterling compiled its training documentation by calendar year. Therefore, the training documentation reviewed did\nnot include information on training conducted in calendar year 2009.\n\n                                                        3\n\x0cSterling\xe2\x80\x99s Compliance Plan and its policies and procedures, if properly implemented, would\nenable Sterling to detect, correct and prevent FWA pursuant to Federal requirements. However,\nSterling did not follow the provisions of its Compliance Plan and the policies and procedures\npertaining to the compliance training of its employees and contracted entities, the monitoring of\nits contracted entities, and the designation of a compliance committee. As a result of these\ninternal control weaknesses, Sterling compromised its ability to detect, correct and prevent FWA\nin the Part D program, and increased the risk that improper payments may have occurred.\n\nCOMPLIANCE TRAINING FOR EMPLOYEES\n\nFederal regulations at 42 CFR \xc2\xa7 423.504(b)(4)(vi)(C) require that a Part D sponsor\xe2\x80\x99s compliance\nplan address effective training and education for the Part D sponsor\xe2\x80\x99s employees and its\ncontracted entities. In addition, CMS guidance in the Prescription Drug Benefit Manual, chapter\n9, \xc2\xa7 50.2.3.1, states that Part D sponsors \xe2\x80\x9c\xe2\x80\xa6 should maintain records of the time, attendance,\ntopic and results of training.\xe2\x80\x9d\n\nSterling\xe2\x80\x99s Compliance Plan requires that its employees complete compliance training and states,\nin Section IV (Training and Education), that \xe2\x80\x9c[e]ach member of Sterling\xe2\x80\x99s Workforce must\nreceive initial and annual compliance training. Failure to comply with training requirements will\nresult in disciplinary action, including possible termination.\xe2\x80\x9d In addition, the Compliance Plan\nstates that \xe2\x80\x9c[t]he Compliance Officer and appropriate Business Unit managers or supervisors, as\napplicable, shall document training of Sterling\xe2\x80\x99s Workforce and provide the documentation to\nthe Compliance Officer. The documentation will include the time and date \xe2\x80\xa6 as well as listing\nWorkforce members who attended (or otherwise received) the training.\xe2\x80\x9d\n\nSterling did not follow the provisions of its Compliance Plan to ensure that its employees\ncompleted compliance training as required by Federal regulations. Notwithstanding the\ndocumentation requirements specified in its Compliance Plan, Sterling could not support with\ndocumentation that all of its employees completed compliance training. Sterling did not have\nproper procedures in place to ensure that each employee attended compliance training. Sterling\nretained sign-in sheets as documentation of the required training, but did not ensure that each of\nits employees attended the training. Thus, there is no assurance that all of Sterling\xe2\x80\x99s employees\nreceived appropriate compliance training.\n\nCOMPLIANCE TRAINING FOR CONTRACTED ENTITIES\n\nFederal regulations at 42 CFR \xc2\xa7 423.504(b)(4)(vi)(C) require that a Part D sponsor\xe2\x80\x99s compliance\nplan address effective training and education for the Part D sponsor\xe2\x80\x99s employees and its\ncontracted entities. In addition, CMS guidance in the Prescription Drug Benefit Manual, chapter\n9, \xc2\xa7 50.2.3.2, states that (a) Part D sponsors should require that the contracted entities provide\ntheir own compliance training or, (b) where there are sufficient organizational similarities, Part D\nsponsors may choose to make their training programs available to the contracted entities.\n\nIn addition, Sterling\xe2\x80\x99s Compliance Plan requires, in Section IV (Training and Education), that its\ncontracts include a provision that requires the contracted entities to provide compliance training\nto their employees.\n\n                                                 4\n\x0cSterling did not follow the provisions of its Compliance Plan to ensure that the employees of its\ncontracted entities received compliance training as required by Federal regulations. Specifically,\nSterling did not contractually require its contracted entities to provide compliance training to\ntheir employees, as required by the Compliance Plan. Thus, there is no assurance that Sterling\xe2\x80\x99s\ncontracted entities provided the required compliance training to their employees.\n\nMONITORING OF CONTRACTED ENTITIES\n\nFederal regulations at 42 CFR \xc2\xa7 423.504(b)(4)(vi)(F) require that a Part D sponsor\xe2\x80\x99s compliance\nplan include procedures for effective internal auditing and monitoring. In addition, CMS\nguidance in the Prescription Drug Benefit Manual, chapter 9, \xc2\xa7 40.1, emphasizes that Part D\nsponsors are ultimately responsible for ensuring that Federal requirements are met for any\ncompliance functions delegated to contracted entities. In order to ensure that contracted entities\nare in compliance with Federal requirements, CMS guidance in Chapter 9, \xc2\xa7 50.2.6.1.3,\nrecommends that Part D sponsors have a plan in place to monitor and audit contracted entities\xe2\x80\x99\nresponsibilities and activities with respect to the administration and delivery of the Part D\nprogram.\n\nIn keeping with CMS guidance, Sterling\xe2\x80\x99s Compliance Plan addresses, in Section VII\n(Monitoring and Auditing), the monitoring of Sterling\xe2\x80\x99s contracted entities. In addition,\nSterling\xe2\x80\x99s Vendor Oversight Policy identifies specific monitoring activities and requires that a\ncompliance monitoring plan be in place for its contracted entities. Section IV of Sterling\xe2\x80\x99s\nVendor Oversight Policy identifies specific areas to be addressed in the compliance monitoring\nplan, to include Federal requirements and contractual requirements.\n\nSterling did not follow the provisions of its Compliance Plan and policies and procedures\nrelating to the monitoring of its contracted entities pursuant to Federal regulations. Specifically,\nSterling did not have compliance monitoring plans in place to ensure that its contracted entities\nwere in compliance with Federal and contractual requirements. Moreover, Sterling did not\nperform monitoring activities, as outlined in its Compliance Plan and policies and procedures, to\nensure the ongoing compliance of its contracted entities. Thus, there is no assurance that\nSterling\xe2\x80\x99s contracted entities were in compliance with Federal and contractual requirements.\n\nFORMATION OF A COMPLIANCE COMMITTEE\n\nFederal regulations at 42 CFR \xc2\xa7 423.504(b)(4)(vi)(B) require that a Part D sponsor\xe2\x80\x99s compliance\nplan include the designation of a compliance officer and a compliance committee, both of whom\nare accountable to senior management. In addition, Sterling\xe2\x80\x99s Compliance Plan and policies and\nprocedures require that Sterling establish a compliance committee. Sterling\xe2\x80\x99s Compliance Plan\nstates, in Section II (Compliance Officer and Compliance Committee), that \xe2\x80\x9cSterling will\nestablish a Compliance Committee to advise the Compliance Officer and assist the Compliance\nOfficer in implementation of this Compliance Plan\xe2\x80\xa6. The Compliance Committee will be\naccountable to senior management\xe2\x80\xa6.\xe2\x80\x9d\n\nSterling did not follow the provisions of its Compliance Plan and policies and procedures\nrelating to the designation of a compliance committee pursuant to Federal regulations.\n\n                                                 5\n\x0cSpecifically, Sterling did not establish a formal compliance committee until May 2009.\nAccording to Sterling officials, an informal ad hoc committee served in place of a formal\ncompliance committee. The absence of a formally designated compliance committee may have\nhindered Sterling\xe2\x80\x99s ability to effectively implement its Compliance Plan and communicate any\npotential risks associated with the Part D program to senior management.\n\nRECOMMENDATIONS\n\nWe recommend that Sterling strengthen internal controls by following the provisions of its\nCompliance Plan by:\n\n  \xe2\x80\xa2   establishing policies and procedures to maintain documentation to support that its\n      employees completed compliance training pursuant to Federal regulations,\n\n  \xe2\x80\xa2   revising its contracts to require that contracted entities provide compliance training to their\n      employees as required by Federal regulations,\n\n  \xe2\x80\xa2   adhering to its policies and procedures to monitor the activities of its contracted entities as\n      required by Federal regulations, and\n\n  \xe2\x80\xa2   adhering to its policies and procedures to establish a formal compliance committee\n      pursuant to Federal regulations.\n\nSTERLING LIFE INSURANCE COMPANY COMMENTS\n\nIn written comments on our draft report, Sterling concurred with our recommendations and\ndescribed corrective actions that it had implemented or planned to implement.\n\nSterling\xe2\x80\x99s comments are included in their entirety as the Appendix.\n\n\n\n\n                                                  6\n\x0cAPPENDIX\n\x0c                                                                                                 Page 1 of 4\n\n\nAPPENDIX: STERLING LIFE INSURANCE COMPANY COMMENTS \n\n\n\n\n\n                   STERLING Life Insurance Company\n                                    Real People. Wise Choices.\'\n\n\n\n\n   Sterling Life Insurance Company\n   2219 Rimland Drive\n   Bellingham, WA 98226\n\n\n   July 28, 2010\n\n   Patrick J. Cogley\n   Regional Inspector General for Audit Services\n   Region VII\n   601 East lih Street\n   Room 0429\n   Kansas City, Missouri 64106\n\n   RE: Report Number A-07-09-03136\n\n\n\n   Dear Mr. Cogley:\n\n   Enclosed please find Sterling Life Insurance Company\'s (Sterling) response to the U.S.\n   Departrnent of Health and Hurnan Services, Oftice of Inspector General (OIG) draft\n   report entitled Review a/Sterling Life Insurance Company\'s Internal Controls to Guard\n   Against Fralld. Waste and Abuse /orthe Medicare Pari D P\'\xc2\xb7ogram.\n\n   If you have any questions or cOIrunents please do not hesitate to call me at 360-392\xc2\xb79098,\n   or contact Mauhew Cooper, Compliance Analyst, at 360\xc2\xb7392\xc2\xb79357, or through email at\n   !D~nhew.~[@~t!:rlingplanS.CQm.\n\n   Sincerely, \n\n\n\n\n   Craig A.ndway \n\n   Vice PI~~ident. Compliance and Regulatory All~\'\\ir~; \n\n\n\n\n\n   Anachment \n\n\n\n\n\n                  i!l\'-l Riml;1l1d UII\\\'!\' \xe2\x80\xa2 ro Bnx 5HK I>HI!llqh,lITl. INA 98227\xc2\xb7):I\'t8 \n\n             loll free. I 88R\xc2\xb78~lS\xc2\xb78~\xc2\xb716 \xe2\x80\xa2 FtlX 1"(J (,47 8td2 \xe2\x80\xa2 IV"\'.V <lr\xc2\xb7rlmqpla",,(nr,\xc2\xb7, \n\n\x0c                                                                                           Page 2of4\n\n\n\n\nSterling Life Insurance Company\'s response to the U.S. Department of Health and\nHuman Services, Ofiice of Inspector General (010) draft report entitled Review of\nSterling Life Insurance Company\'s Internal Controls to Guard Against Fraud. Waste and\nAbuse for the Medicare Part D Program (Report Number A-07-09-03136)\n\n\nFinding #1:\n\nSterling had several internal control weaknesses that compromised its ability to detect,\ncorrect and prevent FWA in the Part D program during the period of July I, 2007,\nthrough June 30, 2009.\n\nSterling did not ensure that its employees completed compliance training pursuant to\nFederal regulations.\n\nRecommendation:\n\nWe recommend that Sterling strengthen internal controls by following the provisions of\nits Compliance plan by establishing policies and procedures to maintain documentation to\nsupport that its employees completed compliance training pursuant to Federal\nregulations.\n\nResponse:\n\nSterling concurs with the recommendation.        The Sterling Compliance Plan was\nimplemented in January 2009 and revised in November 2009. The Compliance Plan\ncontains policy and procedures outlining the training and education of Sterling\'S\nworkforce. Elements of this training include, but are not limited to, an overview of the\nPart C and Part D programs; fraud, waste and abuse controls; privacy and security; and\ncompliance training specialized for individual business units. The methods used to\nadminister training were under development during the review period but have since been\nformalized. Initial and annual compliance training is administered by the Compliance\nDepartment and its effectiveness is measured through testing. Calendar year (CY) 2009\ncompliance training was completed in April 2010 and CY 2010 training will be\nconducted in September 2010, thence on an annual basis. The Compliance Department\nmaintains employee records related to compliance training.\n\n\n\nFinding #2:\n\nSterling had several internal control weaknesses that compromised its ability to detect,\ncorrect and prevent FWA in the Part D program during the period of July I, 2007,\nthrough June 30, 2009.\n\x0c                                                                                                 Page 3 of4\n\n\n\n\nSterling did not require its contracted entities to provide compliance training to their\nemployees as required by Federal regulations.\n\nRecommendation:\n\nWe recommend that Sterling strengthen intemal controls by following the provisions of\nits Compliance plan by revising its contracts to require that contracted entities provide\ncompliance training to their employees as required by Federal regulations.\n\nResponse:\n\nSterling concurs with the recommendation. Sterling maintains oversight of contracted\nentities through the appointment of Vendor Relationship Managers who coordinate key\nfunctions and contract requirements between the parties. Upon request, Sterling\'s\npharmacy benefit managers (PBMs) were able to provide documentary evidence of\ncompliance training provided to their employees. The contract update process with\nSterling\'s PBMs has been initiated and contracts will be amended to require contracted\nentities to provide compliance training to their employees.\n\n\n\nFinding #3:\n\nSterling had several intemal control weaknesses that compromised its ability to detect,\ncorrect and prevent FWA in the Part D program during the period of July J, 2007,\nthrough June 30, 2009.\n\nSterling did not perform monitoring activities of its contracted entities as required by\nFederal regulations.\n\nRecommendation:\n\nWe recommend that Sterling strengthen intemal controls by following the provisions of\nits Compliance plan by adhering to its policies and procedures to monitor the activities of\nits contracted entities as required by Federal regulations.\n\nResponse:\n\nSterling agrees that it can improve its oversight of contracted entities. Sterling performed\naudits of its PBMs dming the review period. Auditing of Am Wins began on April 2,\n2009, and was completed on June 10, 2009. ESI was audited in October 2008 and again,\nbeginning in June 2009. This audit was finalized in September 2009. Auditing of both\ncontracted entities addressed methods of controlling fraud, waste and abuse.\n\nIn an effort to further strenbrthen its oversight of contracted entities, Sterling implemented\na program of vendor oversight in June 2009 and appointed Vendor Relationship\n\n\n2\n\x0c                                                                                           Page 4 of 4\n\n\n\n\nManagers tasked with the responsibility of overseeing and coordinating the key functions\nand contract requirements of Sterling\'s contracted entities. The oversight of Sterling\'s\nPart D PBMs was augmented with monitoring grids, which outline contractual and\nregulatory requirements and the methods used to meet them. The grids are used to\nidentify potential gaps in meeting requirements before they occur. Vendor Relationship\nManagers report to Sterling senior management and the Compliance Oftker.\n\nSterling will continue to utilize Vendor Relationship Managers and targeted audits to\noversee and monitor the activities of its contracted entities.\n\n\n\nFinding #4:\n\nSterling had several internal control weaknesses that compromised its ability to detect,\ncorrect and prevent FWA in the Part D program during the period of July I, 2007,\nthrough June 30, 2009.\n\nSterling did not have a compliance committee pursuant to Federal regulations.\n\nRecommendation:\n\nWe recommend that Sterling strengthen internal controls by following the provisions of\nits Compliance plan by adhering to its policies and procedures to establish a fonmal\ncompliance committee pursuant to Federal regulations.\n\nResponse:\n\nSterling concurs with the recommendation and had modified its policies before the end of\nthe period under review. Prior to October 2008, Sterling\'s Compliance Officer reported\ncompliance matters on a quarterly basis to the Board of Directors, which is responsible\nfor compliance oversight. The Compliance Oftice attended quarterly Board meetings and\nprovided an oral report of compliance activities and oversight for the previous quarter,\naccompanied by a detailed written report. Since October 2008, Sterling\'s Compliance\nOfficer submits a quarterly report to the Board of Directors Audit and Compliance\nCommittee.\n\nSterling reorganized its management level Compliance Committee in April 2009 and held\nthe first meeting of the reorganized committee in May 2009. Quarterly meetings have\nbeen held since that time. Duties of the Committee include but are not limited to:\nestablishing standards of conduct and policies and procedures; perfonning a compliance\nrisk assessment; and developing an annual internal audit plan.\n\n\n\n\n3\n\x0c'